====== Windows AD information in command line ======
C:\Users\myuser1>gpresult /r | find "OU"
CN=MYUSER1,OU=ALL Users,OU=NDS,DC=xxx,DC=xxx,DC=lu
GPOUSER_ScreenSaver30m
List the groups of a user (direct memberships only — MemberOf does not include the primary group or groups reached through nesting; for the effective set read the constructed tokenGroups attribute, which appears in the attribute list further down):
C:\Users\myuser1> (Get-ADUser -Identity myuser1 -Properties MemberOf | Select-Object MemberOf).MemberOf
Get the extensionAttribute attribute value for all Active Directory users using PowerShell
How do I return the sAMAccountName and a particular attribute – in this case extensionAttribute1 – for all Active Directory users in PowerShell?
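# Dump every attribute of one user. "-Properties *" returns whatever the
# caller has read permission on, so a short result can mean limited rights
# rather than a sparse object.
Get-ADUser username -Properties * | Select-Object *
# sAMAccountName plus extensionAttribute1 for every user in the domain.
# "-Filter *" enumerates the whole directory and the CSV is an identity
# export: write it to an access-controlled path rather than a shared C:\Temp
# and delete it when done. -NoTypeInformation drops the "#TYPE" header line
# that otherwise trips up plain CSV readers.
Get-ADUser -Filter * -Properties extensionAttribute1 |
    Select-Object sAMAccountName, extensionAttribute1 |
    Export-Csv -Path c:\temp\extensionattribute1.csv -NoTypeInformation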
Using PowerShell to List All AD User Attributes
Per the previous section you need to examine the following to get the full list of potential attributes for any class definition. Note that this is the schema's view of what a user object *may* carry, not what a given caller can read: attribute reads are filtered by the object's ACL, and the password-bearing attributes in the list (unicodePwd, lmPwdHistory, ntPwdHistory) are never returned over LDAP regardless of rights — treat any export that includes such names as sensitive.
Find a list of all classes inherited by the class (inheritance chain)
Find a list of all supplemental (auxiliary) classes for the classes found in the previous step
Find all attribute names in the four mustContain/mayContain/systemMustContain/systemMayContain properties of every class found in the two previous steps (don't forget the class itself)
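Import-Module ActiveDirectory

# Enumerate every attribute a 'user' object can carry by walking the schema:
# the class itself, each superclass up to 'top', and every auxiliary /
# system-auxiliary class attached to any class in that chain. This is the
# schema's view of what MAY exist on a user, not what the current caller is
# allowed to read: reads are ACL-filtered, and password-bearing attributes
# such as unicodePwd, lmPwdHistory and ntPwdHistory are never returned over
# LDAP regardless of rights. Treat any export built from this list as
# sensitive.

# Hoisted: the schema naming context is the same for every lookup below.
$schemaNC = (Get-ADRootDSE).SchemaNamingContext

# The four schema properties that hold attribute names. Both auxiliary and
# system-auxiliary classes get all four (the earlier version dropped
# mustContain for system-auxiliary classes).
$attrProps  = 'mayContain', 'mustContain', 'systemMayContain', 'systemMustContain'
$classProps = $attrProps + @('AuxiliaryClass', 'SystemAuxiliaryClass', 'subClassOf', 'ldapDisplayName')

# Fetch one schema class by exact ldapDisplayName (no wildcard semantics).
# Returns $null when the class does not exist.
function Get-SchemaClass {
    param([string]$Name, [string[]]$Properties)
    Get-ADObject -SearchBase $schemaNC -Filter "ldapDisplayName -eq '$Name'" -Properties $Properties
}

# Flatten the attribute names held in the four $attrProps of a schema object,
# skipping properties that are absent ($null) on that object.
function Get-ClassAttributes {
    param($SchemaObject)
    foreach ($prop in $attrProps) {
        foreach ($value in @($SchemaObject.$prop)) {
            if ($null -ne $value) { $value }
        }
    }
}

$classChain     = [System.Collections.ArrayList]@()
$userAttributes = [System.Collections.ArrayList]@()

# Walk the inheritance chain from 'user' upwards. 'top' is its own superclass,
# which is the stop condition.
$className = 'user'
do {
    $class = Get-SchemaClass -Name $className -Properties $classProps
    if (-not $class) { throw "Schema class '$className' not found under $schemaNC" }
    # [void]: ArrayList.Add returns the new index, which would otherwise be
    # written to the output stream and show up before the attribute list.
    [void]$classChain.Add($class)
    $className = $class.subClassOf
} while ($class.ldapDisplayName -ne $class.subClassOf)

foreach ($class in $classChain) {
    # Attributes declared directly on this class.
    $userAttributes.AddRange(@(Get-ClassAttributes $class))
    # Attributes contributed by its auxiliary and system-auxiliary classes.
    foreach ($auxName in @($class.AuxiliaryClass) + @($class.SystemAuxiliaryClass)) {
        if (-not $auxName) { continue }
        $aux = Get-SchemaClass -Name $auxName -Properties $attrProps
        if ($aux) { $userAttributes.AddRange(@(Get-ClassAttributes $aux)) }
    }
}

# -Unique de-duplicates case-insensitively; Get-Unique is case-sensitive.
$userAttributes | Sort-Object -Unique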
accountExpires
accountNameHistory
aCSPolicyName
adminCount
adminDescription
adminDisplayName
...
c
canonicalName
carLicense
cn
co
codePage
comment
company
controlAccessRights
countryCode
...
enabledProtocols
expirationTime
extensionAttribute1
...
extensionData
extensionName
facsimileTelephoneNumber
flags
folderPathname
formData
forwardingAddress
fromEntry
frsComputerReferenceBL
fRSMemberReferenceBL
fSMORoleOwner
garbageCollPeriod
gecos
generationQualifier
gidNumber
givenName
groupMembershipSAM
groupPriority
groupsToIgnore
heuristics
homeDirectory
homeDrive
homeMDB
homeMTA
homePhone
homePostalAddress
houseIdentifier
importedFrom
info
initials
instanceType
internationalISDNNumber
internetEncoding
ipPhone
isCriticalSystemObject
isDeleted
isPrivilegeHolder
isRecycled
jpegPhoto
kMServer
l
labeledURI
language
languageCode
lastKnownParent
lastLogoff
lastLogon
lastLogonTimestamp
legacyExchangeDN
lmPwdHistory
localeID
lockoutTime
loginShell
logonCount
logonHours
logonWorkstation
mail
mailNickname
managedObjects
manager
mAPIRecipient
masteredBy
maxStorage
mDBOverHardQuotaLimit
mDBOverQuotaLimit
mDBStorageQuota
mDBUseDefaults
memberOf
mhsORAddress
middleName
mobile
modifyTimeStamp
msCOM-PartitionSetLink
msCOM-UserLink
...
msDS-UserPasswordExpiryTimeComputed
msDS-ValueTypeReferenceBL
msExchADCGlobalNames
...
msNPSavedCallingStationID
msOrg-LeadersBL
msPKIAccountCredentials
...
msRADIUSServiceType
msRASSavedCallbackNumber
msRASSavedFramedIPAddress
msRASSavedFramedRoute
msSFU30Name
msSFU30NisDomain
msSFU30PosixMemberOf
msTSAllowLogon
...
name
netbootSCPBL
networkAddress
nonSecurityMemberBL
ntPwdHistory
nTSecurityDescriptor
o
objectCategory
objectClass
objectGUID
objectSid
objectVersion
...
ou
ownerBL
...
postOfficeBox
preferredDeliveryMethod
preferredLanguage
preferredOU
primaryGroupID
primaryInternationalISDNNumber
...
pwdLastSet
...
repsFrom
repsTo
revision
rid
roomNumber
sAMAccountName
sAMAccountType
scriptPath
sDRightsEffective
secretary
securityIdentifier
securityProtocol
seeAlso
serialNumber
serverReferenceBL
servicePrincipalName
shadowExpire
shadowFlag
shadowInactive
shadowLastChange
shadowMax
shadowMin
shadowWarning
showInAddressBook
showInAdvancedViewOnly
sIDHistory
siteObjectBL
sn
st
street
...
title
tokenGroups
tokenGroupsGlobalAndUniversal
tokenGroupsNoGCAcceptable
uid
uidNumber
unauthOrig
unauthOrigBL
unicodePwd
unixHomeDirectory
unixUserPassword
unmergedAtts
url
userAccountControl
userCert
userCertificate
userParameters
userPassword
userPKCS12
userPrincipalName
userSharedFolder
userSharedFolderOther
userSMIMECertificate
userWorkstations
uSNChanged
uSNCreated
uSNDSALastObjRemoved
USNIntersite
uSNLastObjRem
uSNSource
versionNumber
wbemPath
wellKnownObjects
whenChanged
whenCreated
wWWHomePage
x121Address
x500uniqueIdentifier
https://www.easy365manager.com/how-to-get-all-active-directory-user-object-attributes/